Add ESLint meta object with description and category #61

Closed
wants to merge 1 commit into from
Closed
106 changes: 56 additions & 50 deletions rules/detect-buffer-noassert.js
Expand Up @@ -7,63 +7,69 @@
// Rule Definition
//------------------------------------------------------------------------------

var names = [];

module.exports = function(context) {
module.exports = {
meta: {
docs: {
description: "detect buffer read / write calls that use noAssert set to true",
category: "Security"
}
},
create(context) {

"use strict";
"use strict";

var read = [
"readUInt8",
"readUInt16LE",
"readUInt16BE",
"readUInt32LE",
"readUInt32BE",
"readInt8",
"readInt16LE",
"readInt16BE",
"readInt32LE",
"readInt32BE",
"readFloatLE",
"readFloatBE",
"readDoubleL",
"readDoubleBE"
];
var read = [
"readUInt8",
"readUInt16LE",
"readUInt16BE",
"readUInt32LE",
"readUInt32BE",
"readInt8",
"readInt16LE",
"readInt16BE",
"readInt32LE",
"readInt32BE",
"readFloatLE",
"readFloatBE",
"readDoubleL",
"readDoubleBE"
];

var write = [
"writeUInt8",
"writeUInt16LE",
"writeUInt16BE",
"writeUInt32LE",
"writeUInt32BE",
"writeInt8",
"writeInt16LE",
"writeInt16BE",
"writeInt32LE",
"writeInt32BE",
"writeFloatLE",
"writeFloatBE",
"writeDoubleLE",
"writeDoubleBE"
];
var write = [
"writeUInt8",
"writeUInt16LE",
"writeUInt16BE",
"writeUInt32LE",
"writeUInt32BE",
"writeInt8",
"writeInt16LE",
"writeInt16BE",
"writeInt32LE",
"writeInt32BE",
"writeFloatLE",
"writeFloatBE",
"writeDoubleLE",
"writeDoubleBE"
];

return {
"MemberExpression": function (node) {
var index;
if (read.indexOf(node.property.name) !== -1) {
index = 1;
} else if (write.indexOf(node.property.name) !== -1) {
index = 2;
}
return {
"MemberExpression": function (node) {
var index;
if (read.indexOf(node.property.name) !== -1) {
index = 1;
} else if (write.indexOf(node.property.name) !== -1) {
index = 2;
}

if (index && node.parent && node.parent.arguments && node.parent.arguments[index] && node.parent.arguments[index].value) {
var token = context.getTokens(node)[0];
return context.report(node, 'Found Buffer.' + node.property.name + ' with noAssert flag set true');

if (index && node.parent && node.parent.arguments && node.parent.arguments[index] && node.parent.arguments[index].value) {
var token = context.getTokens(node)[0];
return context.report(node, 'Found Buffer.' + node.property.name + ' with noAssert flag set true');

}
}
}

};
};

}
};
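Review bot: The new `read` array still carries the typo `"readDoubleL"` (the entry just before `"readDoubleBE"`), so a `readDoubleLE` call with a truthy noAssert argument is never reported; it should be `"readDoubleLE",`. The local `var token = context.getTokens(node)[0];` inside the MemberExpression handler and the module-level `var names = [];` above `module.exports` are both unused in this rule and could go while the body is being restructured. Note also that the condition only fires when the argument at `index` is a literal with a truthy `.value`, so an identifier that holds `true` is not flagged; if that is intended, a short comment on that line would save the next reader the question.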

53 changes: 29 additions & 24 deletions rules/detect-child-process.js
Expand Up @@ -9,34 +9,39 @@

var names = [];

module.exports = function(context) {
module.exports = {
meta: {
docs: {
description: "detect instances of child_process",
category: "Security"
}
},
create(context) {

"use strict";
"use strict";

return {
"CallExpression": function (node) {
var token = context.getTokens(node)[0];
if (node.callee.name === 'require') {
var args = node.arguments[0];
if (args && args.type === 'Literal' && args.value === 'child_process') {
if (node.parent.type === 'VariableDeclarator') {
names.push(node.parent.id.name);
} else if (node.parent.type === 'AssignmentExpression' && node.parent.operator === '=') {
names.push(node.parent.left.name);
return {
"CallExpression": function (node) {
var token = context.getTokens(node)[0];
if (node.callee.name === 'require') {
var args = node.arguments[0];
if (args && args.type === 'Literal' && args.value === 'child_process') {
if (node.parent.type === 'VariableDeclarator') {
names.push(node.parent.id.name);
} else if (node.parent.type === 'AssignmentExpression' && node.parent.operator === '=') {
names.push(node.parent.left.name);
}
return context.report(node, 'Found require("child_process")');
}
return context.report(node, 'Found require("child_process")');
}
}
},
"MemberExpression": function (node) {
var token = context.getTokens(node)[0];
if (node.property.name === 'exec' && names.indexOf(node.object.name) > -1) {
if (node.parent && node.parent.arguments && node.parent.arguments[0].type !== 'Literal') {
return context.report(node, 'Found child_process.exec() with non Literal first argument');
},
"MemberExpression": function (node) {
if (node.property.name === 'exec' && names.indexOf(node.object.name) > -1) {
if (node.parent && node.parent.arguments && node.parent.arguments[0].type !== 'Literal') {
return context.report(node, 'Found child_process.exec() with non Literal first argument');
}
}
}
}

};

};
}
};
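Review bot: `var names = [];` is still declared at module scope above `module.exports`, so the identifiers bound to `require('child_process')` accumulate across every file linted in one process and a `foo.exec(...)` in a later file is reported because of a `foo` seen in an earlier one; now that the rule has a `create(context)` body, moving `var names = [];` to the top of `create` resets it per file. The MemberExpression handler also reads `node.parent.arguments[0].type` without checking the element exists, so a bare `cp.exec()` throws a TypeError out of the rule; the guard should be `if (node.parent && node.parent.arguments && node.parent.arguments[0] && node.parent.arguments[0].type !== 'Literal') {`. The `var token = context.getTokens(node)[0];` in the CallExpression handler is unused.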
31 changes: 19 additions & 12 deletions rules/detect-disable-mustache-escape.js
@@ -1,18 +1,25 @@
module.exports = function(context) {
module.exports = {
meta: {
docs: {
description: "detect object.escapeMarkup = false",
category: "Security"
}
},
create(context) {

"use strict";
return {
"AssignmentExpression": function(node) {
if (node.operator === '=') {
if (node.left.property) {
if (node.left.property.name == 'escapeMarkup') {
if (node.right.value == false) {
context.report(node, 'Markup escaping disabled.')
"use strict";
return {
"AssignmentExpression": function(node) {
if (node.operator === '=') {
if (node.left.property) {
if (node.left.property.name == 'escapeMarkup') {
if (node.right.value == false) {
context.report(node, 'Markup escaping disabled.')
}
}
}
}
}
}
};
}

}
};
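Review bot: The comparisons `node.left.property.name == 'escapeMarkup'` and `node.right.value == false` use loose equality inside a `"use strict"` body, so `escapeMarkup = 0` and `escapeMarkup = ''` are reported as 'Markup escaping disabled.' although the description says the rule detects `= false`; the four nested ifs collapse to `if (node.operator === '=' && node.left.property && node.left.property.name === 'escapeMarkup' && node.right.value === false) {`. The `context.report(node, 'Markup escaping disabled.')` call is also missing its semicolon. Because only `property.name` is inspected, the computed form `obj['escapeMarkup'] = false` is presumably not matched; if that case is meant to be covered, the literal's `.value` needs checking as well.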
22 changes: 15 additions & 7 deletions rules/detect-eval-with-expression.js
Expand Up @@ -7,15 +7,23 @@
// Rule Definition
//------------------------------------------------------------------------------

module.exports = function(context) {
module.exports = {
meta: {
docs: {
description: "identify eval with expression",
category: "Security"
}
},
create(context) {

"use strict";

return {
"CallExpression": function(node) {
if (node.callee.name === "eval" && node.arguments[0].type !== 'Literal') {
context.report(node, "eval with argument of type " + node.arguments[0].type);
return {
"CallExpression": function(node) {
if (node.callee.name === "eval" && node.arguments[0].type !== 'Literal') {
context.report(node, "eval with argument of type " + node.arguments[0].type);
}
}
}
};
};
}
};
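Review bot: `node.arguments[0].type` in the CallExpression handler is read before checking that `eval` received an argument, so a bare `eval()` in linted source throws a TypeError from inside the rule; the condition should be `if (node.callee.name === "eval" && node.arguments[0] && node.arguments[0].type !== 'Literal') {`. The handler matches only a bare `eval` identifier as callee, so `window.eval(x)` or `globalThis.eval(x)` presumably goes unreported; if that is an accepted limitation, a one-line comment above the handler saying so would help.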
43 changes: 26 additions & 17 deletions rules/detect-new-buffer.js
@@ -1,19 +1,28 @@
module.exports = function (context) {
// Detects instances of new Buffer(argument)
// where argument is any non literal value.
return {
"NewExpression": function (node) {
if (node.callee.name === 'Buffer' &&
node.arguments[0] &&
node.arguments[0].type != 'Literal') {

return context.report(node, "Found new Buffer");
}

/**
* Detects instances of new Buffer(argument) where argument is any non literal value
*
*/

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------

}
};

}

module.exports = {
meta: {
docs: {
description: "detect instances of new Buffer(argument) where argument is any non literal value",
category: "Security"
}
},
create(context) {
return {
"NewExpression": function (node) {
if (node.callee.name === 'Buffer' &&
node.arguments[0] &&
node.arguments[0].type != 'Literal') {
return context.report(node, "Found new Buffer");
}
}
};
}
};
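Review bot: The new `create` body keeps the loose comparison `node.arguments[0].type != 'Literal'` while the sibling rules in this commit compare with strict equality; it should read `node.arguments[0].type !== 'Literal'`. This is also the only rule in the change whose `create(context)` carries no `"use strict";` directive, worth adding for consistency with the others. The `meta.docs.description` now repeats the `/** ... */` comment at the top of the file almost verbatim, so one of the two could be trimmed to keep them from drifting apart.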
56 changes: 32 additions & 24 deletions rules/detect-no-csrf-before-method-override.js
Expand Up @@ -8,32 +8,40 @@
//------------------------------------------------------------------------------


module.exports = function(context) {

"use strict";
var csrf = false;

return {
"CallExpression": function(node) {
var token = context.getTokens(node)[0],
nodeType = token.type,
nodeValue = token.value;

if (nodeValue === "express") {
if (!node.callee || !node.callee.property) {
return;
}

if (node.callee.property.name === "methodOverride" && csrf) {
context.report(node, "express.csrf() middleware found before express.methodOverride()");
}
if (node.callee.property.name === "csrf") {
// Keep track of found CSRF
csrf = true;
module.exports = {
meta: {
docs: {
description: "Check and see if CSRF middleware is before methodOverride.",
category: "Security"
}
},
create(context) {

"use strict";
var csrf = false;

return {
"CallExpression": function(node) {
var token = context.getTokens(node)[0],
nodeType = token.type,
nodeValue = token.value;

if (nodeValue === "express") {
if (!node.callee || !node.callee.property) {
return;
}

if (node.callee.property.name === "methodOverride" && csrf) {
context.report(node, "express.csrf() middleware found before express.methodOverride()");
}
if (node.callee.property.name === "csrf") {
// Keep track of found CSRF
csrf = true;
}
}
}
}
};
};

}
};
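Review bot: `nodeType = token.type` in the CallExpression handler's `var` list is assigned and never read; drop it and keep only `token` and `nodeValue`. The `express` match is made on the first token of the call rather than on the AST, so `var e = require('express'); e.csrf()` is presumably not tracked; checking `node.callee.type === 'MemberExpression' && node.callee.object.name === 'express'` would make the intent explicit and avoid the token lookup. The description `"Check and see if CSRF middleware is before methodOverride."` is also the only one in this commit that is capitalised and ends with a period; `description: "detect express.csrf() middleware used before express.methodOverride()"` would match the report message and the other rules.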
